How to secure database passwords in PHP?

Most websites provide sign-up and login facilities to the user. The user creates a password and uses it to log in to the website, so it is very important to secure that password. The password_hash() function lets you hash the user's password securely before storing it in the database.

Syntax

password_hash(Password, PASSWORD_DEFAULT)

Example: The first parameter, Password, holds the plain-text password. The second parameter selects the hashing algorithm: PASSWORD_BCRYPT to use bcrypt explicitly, or PASSWORD_DEFAULT to use PHP's default algorithm. Let's see an example to understand this properly.

  • dbconn.php

    <?php  
      $db_host = "localhost";
      $db_name = "secure_pass";
      $db_pass = "";
      $db_user = "root";
      
      $conn = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
      
      if (!$conn){
        die ('Failed to connect with server');
      }    
    ?>

  • Signup Form (signup_form.php):

    <form action="index.php" method="POST">
      <label for="username">Username</label>
      <input type="text" name="username" required><br><br>
      
      <label for="password">Password</label>
      <input type="password" name="password" required><br><br>
      <input type="submit" name="submit" value="submit">    
    </form>

  • index.php

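    <?php
      // Include database connection file
      include 'dbconn.php';

      if (isset($_POST['submit'])) {
        $username = $_POST['username'];

        // Plain-text password as submitted; never store this value
        $pass = $_POST['password'];

        // Hash the password with bcrypt (a random salt is generated automatically)
        $secure_pass = password_hash($pass, PASSWORD_BCRYPT);

        // Prepared statement: user input is bound as data, not concatenated into the SQL
        $stmt = mysqli_prepare($conn,
          "INSERT INTO login_tb (u_username, u_password) VALUES (?, ?)");
        mysqli_stmt_bind_param($stmt, "ss", $username, $secure_pass);
        $result = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
      }

      // Include HTML sign up form
      include 'signup_form.php';
    ?>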

  • Output: Password in database.
    [Image: secure database password in PHP]
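
The sign-up code above only stores the hash; the login side has to check a submitted password against it. The following is an added example, not code from the original article: it verifies with password_verify() and upgrades old hashes with password_needs_rehash(). The helper name check_login, the cost values and the sample password are assumptions made for illustration.

```php
<?php
// Added example (not from the original article). check_login() is a
// hypothetical helper; $stored stands in for the u_password column value.

function check_login(string $submitted, string $stored, array $policy): array
{
    // password_verify() reads the algorithm, cost and salt from the stored
    // hash itself and compares in constant time.
    if (!password_verify($submitted, $stored)) {
        return ['ok' => false, 'new_hash' => null];
    }

    // If the stored hash was created with weaker parameters than the current
    // policy, re-hash while the plain-text password is still in memory.
    $new_hash = null;
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, $policy)) {
        $new_hash = password_hash($submitted, PASSWORD_BCRYPT, $policy);
    }
    return ['ok' => true, 'new_hash' => $new_hash];
}

// Constructed sample data: a hash as the sign-up page would have stored it,
// created here with an older, lower cost (assumed value).
$password = 'correct horse battery staple';
$stored   = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$policy   = ['cost' => 12]; // assumed current policy

// Each call generates a fresh random salt, so two hashes of the same password
// differ; a login check must use password_verify(), not string or SQL equality.
$second = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
echo "hashes identical: ", var_export($stored === $second, true), "\n";

$bad = check_login('wrong guess', $stored, $policy);
echo "wrong password accepted: ", var_export($bad['ok'], true), "\n";

$good = check_login($password, $stored, $policy);
echo "right password accepted: ", var_export($good['ok'], true), "\n";
echo "rehash issued: ", var_export($good['new_hash'] !== null, true), "\n";

// When new_hash is not null, write it back to u_password with a prepared
// UPDATE so the account moves to the stronger cost on its next login.
```

A bcrypt hash is 60 characters long, but the PHP manual recommends a column of 255 characters for u_password so that hashes from a future PASSWORD_DEFAULT algorithm still fit.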